Unrated severityNVD Advisory· Published Jul 8, 2008· Updated Apr 23, 2026

CVE-2008-2248

Description

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.

Affected products

Microsoft/Exchange Server3 versions
cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2007:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:*
Microsoft/Outlook Web Access
cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039nvdPatchVendor Advisory
secunia.com/advisories/30964nvdNot ApplicableThird Party Advisory
www.securityfocus.com/bid/30078nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.us-cert.gov/cas/techalerts/TA08-190A.htmlnvdNot ApplicableThird Party AdvisoryUS Government Resource
exchange.xforce.ibmcloud.com/vulnerabilities/43329nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5695nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2021/referencesnvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000